diff --git a/0001-fix-param-error-and-compatible-with-mysql5.patch b/0001-fix-param-error-and-compatible-with-mysql5.patch new file mode 100644 index 0000000000000000000000000000000000000000..d93b2a9b12bb562195a5bdb6fe9cbefd1c2748fd --- /dev/null +++ b/0001-fix-param-error-and-compatible-with-mysql5.patch @@ -0,0 +1,69 @@ +From 1245772ace3a767e2e4909b44edbe34473563b0b Mon Sep 17 00:00:00 2001 +From: gongzt +Date: Fri, 20 Oct 2023 15:15:15 +0800 +Subject: fix param error and compatible with mysql 5.7 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + apollo/database/proxy/cve.py | 9 ++++++--- + database/apollo.sql | 4 ++-- + 2 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py +index 257083a..8b56601 100644 +--- a/apollo/database/proxy/cve.py ++++ b/apollo/database/proxy/cve.py +@@ -662,8 +662,9 @@ class CveProxy(CveMysqlProxy, CveEsProxy): + + @staticmethod + def _sort_and_page_cve_list(data) -> dict: +- start_limt = int(data["per_page"]) * (int(data["page"]) - 1) +- end_limt = int(data["per_page"]) * int(data["page"]) ++ page, per_page = data.get('page', 1), data.get('per_page', 10) ++ start_limt = int(per_page) * (int(page) - 1) ++ end_limt = int(per_page) * int(page) + + # sort by host num by default + order_by_filed = data.get('sort', "cve_host_user_count.host_num") +@@ -682,11 +683,13 @@ class CveProxy(CveMysqlProxy, CveEsProxy): + Returns: + sqlalchemy.orm.query.Query: attention, two rows may have same cve id with different source package. + """ +- filters = {"username": data["username"], "search_key": None, "severity": None, "affected": True} ++ filters = {"username": data["username"], "search_key": None, "affected": True} + filters.update(data.get("filter", {})) + filters.update(self._sort_and_page_cve_list(data)) + if filters["severity"]: + filters["severity"] = ",".join(["'" + serverity + "'" for serverity in filters["severity"]]) ++ else: ++ filters["severity"] = None + + # Call stored procedure: GET_CVE_LIST_PRO + pro_result_set = self.session.execute( +diff --git a/database/apollo.sql b/database/apollo.sql +index 4e87727..2e0d757 100644 +--- a/database/apollo.sql ++++ b/database/apollo.sql +@@ -124,7 +124,7 @@ CREATE TABLE IF NOT EXISTS `task_rollback`( + PRIMARY KEY (`id`) USING BTREE + ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic; + +-CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(20), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(50),IN order_by VARCHAR(20),IN start_limt INT,IN end_limt INT) ++CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(20), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(100),IN order_by VARCHAR(20),IN start_limt INT,IN end_limt INT) + BEGIN + + DROP TABLE IF EXISTS cve_host_user_count; +@@ -183,7 +183,7 @@ BEGIN + SET @order_by_filed = 'cve_host_user_count.host_num'; + END IF; + +- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', order_by_filed ,' ', order_by,' limit ',start_limt ,' ,', end_limt); ++ SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by,' limit ',start_limt ,' ,', end_limt); + + prepare stmt from @cve_list_sql; + EXECUTE stmt; +-- +Gitee + diff --git a/0001-fix-updateinfo_parse.py-bug.patch b/0001-fix-updateinfo_parse.py-bug.patch deleted file mode 100644 index 75c600a95f0f6b705b3cff5eb79920a087e973bf..0000000000000000000000000000000000000000 --- a/0001-fix-updateinfo_parse.py-bug.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 68d4c8cad42960391998868f15e2f99b40daa216 Mon Sep 17 00:00:00 2001 -From: wang-guangge -Date: Tue, 19 Sep 2023 13:58:04 +0800 -Subject: [PATCH] fix updateinfo_parse.py bug - ---- - hotpatch/updateinfo_parse.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hotpatch/updateinfo_parse.py b/hotpatch/updateinfo_parse.py -index 42e3814..7bfba61 100644 ---- a/hotpatch/updateinfo_parse.py -+++ b/hotpatch/updateinfo_parse.py -@@ -279,12 +279,12 @@ class HotpatchUpdateInfo(object): - hotpatch(Hotpatch) - """ - hotpatch.state = self.UNRELATED -+ is_find_installable_hp = False - for required_pkg_name, required_pkg_vere in hotpatch.required_pkgs_info.items(): - inst_pkgs = self._inst_pkgs_query.filter(name=required_pkg_name) - # check whether the relevant target required package is installed on this machine - if not inst_pkgs: - return -- is_find_installable_hp = False - for inst_pkg in inst_pkgs: - inst_pkg_vere = '%s-%s' % (inst_pkg.version, inst_pkg.release) - if not self.version.larger_than(required_pkg_vere, inst_pkg_vere): --- -2.33.0 - diff --git a/0002-add-repair-status-of-the-cve-fixed-package.patch b/0002-add-repair-status-of-the-cve-fixed-package.patch deleted file mode 100644 index b49e2e03d78c3de19a2a901e7dfb4f5e4199cdfe..0000000000000000000000000000000000000000 --- a/0002-add-repair-status-of-the-cve-fixed-package.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 7797ac40d715c9e7d56f1d6c0053b699c42c4ac2 Mon Sep 17 00:00:00 2001 -From: gongzt -Date: Tue, 19 Sep 2023 18:45:38 +0800 -Subject: Added the repair status of the cve fixed package -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - apollo/database/proxy/cve.py | 19 +++++++++++++++---- - 1 file changed, 15 insertions(+), 4 deletions(-) - -diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py -index 95de25c..c6d017e 100644 ---- a/apollo/database/proxy/cve.py -+++ b/apollo/database/proxy/cve.py -@@ -1562,21 +1562,25 @@ class CveProxy(CveMysqlProxy, CveEsProxy): - - cve_fixed_packages = ( - self.session.query( -+ CveHostAssociation.id, - CveHostAssociation.installed_rpm, - CveHostAssociation.fixed_way, - func.count(CveHostAssociation.host_id).label("host_num"), - ) - .filter(*filters) -- .group_by('installed_rpm', 'fixed_way') -+ .group_by('installed_rpm', 'fixed_way', 'id') - .all() - ) - if not cve_fixed_packages: - return NO_DATA, [] -+ cve_fixed_packages_status = ( -+ self.session.query(CveHostAssociation.id, CveHostAssociation.hp_status).filter(*filters).all() -+ ) - -- return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages) -+ return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages, cve_fixed_packages_status) - - @staticmethod -- def _cve_fixed_packages_row2dict(rows): -+ def _cve_fixed_packages_row2dict(rows, cve_fixed_packages_status): - """ - Fixed cve package row data converted to dictionary - Args: -@@ -1586,10 +1590,17 @@ class CveProxy(CveMysqlProxy, CveEsProxy): - list - """ - result = [] -+ cve_fixed_packages_status_dict = { -+ cve_host_match.id: cve_host_match.hp_status for cve_host_match in cve_fixed_packages_status -+ } - for row in rows: -+ status = cve_fixed_packages_status_dict[row.id] if cve_fixed_packages_status_dict[row.id] else "" -+ fixed_way = row.fixed_way -+ if fixed_way != "coldpatch": -+ fixed_way = fixed_way + f" ({status})" - fixed_rpm = { - "installed_rpm": row.installed_rpm, -- "fixed_way": row.fixed_way, -+ "fixed_way": fixed_way, - "host_num": row.host_num, - } - result.append(fixed_rpm) --- -Gitee - diff --git a/0002-fix-query-all-by-cve-list.patch b/0002-fix-query-all-by-cve-list.patch new file mode 100644 index 0000000000000000000000000000000000000000..e639927065ad1d30a169fbb7c13073ce2f649efd --- /dev/null +++ b/0002-fix-query-all-by-cve-list.patch @@ -0,0 +1,80 @@ +From 82efc83dabc56be1fc05a8f31277efca85494591 Mon Sep 17 00:00:00 2001 +From: gongzt +Date: Fri, 20 Oct 2023 17:38:08 +0800 +Subject: cve list支持查询全部数据 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + apollo/database/proxy/cve.py | 18 ++++++++++-------- + database/apollo.sql | 6 +++++- + 2 files changed, 15 insertions(+), 9 deletions(-) + +diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py +index 8b56601..afa4831 100644 +--- a/apollo/database/proxy/cve.py ++++ b/apollo/database/proxy/cve.py +@@ -655,24 +655,26 @@ class CveProxy(CveMysqlProxy, CveEsProxy): + description_dict = self._get_cve_description([cve_info["cve_id"] for cve_info in cve_list]) + + result['result'] = self._add_description_to_cve(cve_list, description_dict) +- result['total_page'] = math.ceil(total / data["per_page"]) ++ result['total_page'] = math.ceil(total / data.get("per_page", total)) + result['total_count'] = total + + return result + + @staticmethod + def _sort_and_page_cve_list(data) -> dict: +- page, per_page = data.get('page', 1), data.get('per_page', 10) +- start_limt = int(per_page) * (int(page) - 1) +- end_limt = int(per_page) * int(page) ++ sort_page = dict(start_limt=0, end_limt=0) ++ page, per_page = data.get('page'), data.get('per_page') ++ if all((page, per_page)): ++ sort_page['start_limt'] = int(per_page) * (int(page) - 1) ++ sort_page['end_limt'] = int(per_page) * int(page) + + # sort by host num by default + order_by_filed = data.get('sort', "cve_host_user_count.host_num") + if order_by_filed == "host_num": + order_by_filed = "cve_host_user_count.host_num" +- order_by = "dsc" if data.get("direction") == "desc" else "asc" +- +- return {"start_limt": start_limt, "end_limt": end_limt, "order_by_filed": order_by_filed, "order_by": order_by} ++ sort_page["order_by_filed"] = order_by_filed ++ sort_page["order_by"] = "dsc" if data.get("direction") == "desc" else "asc" ++ return sort_page + + def _query_cve_list(self, data): + """ +@@ -686,7 +688,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy): + filters = {"username": data["username"], "search_key": None, "affected": True} + filters.update(data.get("filter", {})) + filters.update(self._sort_and_page_cve_list(data)) +- if filters["severity"]: ++ if filters.get("severity"): + filters["severity"] = ",".join(["'" + serverity + "'" for serverity in filters["severity"]]) + else: + filters["severity"] = None +diff --git a/database/apollo.sql b/database/apollo.sql +index 2e0d757..a3c4ddc 100644 +--- a/database/apollo.sql ++++ b/database/apollo.sql +@@ -183,7 +183,11 @@ BEGIN + SET @order_by_filed = 'cve_host_user_count.host_num'; + END IF; + +- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by,' limit ',start_limt ,' ,', end_limt); ++ SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by); ++ ++ IF end_limt!=0 THEN ++ SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', end_limt); ++ END IF; + + prepare stmt from @cve_list_sql; + EXECUTE stmt; +-- +Gitee + diff --git a/0003-fix-cve-list-get-api-query-error.patch b/0003-fix-cve-list-get-api-query-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..3bed10956263ef4933253c61d1738479b05ddb42 --- /dev/null +++ b/0003-fix-cve-list-get-api-query-error.patch @@ -0,0 +1,63 @@ +From b5b9f18abefeed4906a9aa469e4d0a591a2a5809 Mon Sep 17 00:00:00 2001 +From: root +Date: Fri, 20 Oct 2023 21:43:36 +0800 +Subject: [PATCH 1/1] fix cve_list_get api query error + +--- + apollo/database/proxy/host.py | 13 ++++++++----- + database/apollo.sql | 10 ++++++---- + 2 files changed, 14 insertions(+), 9 deletions(-) + +diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py +index b3cabb6..2ce2005 100644 +--- a/apollo/database/proxy/host.py ++++ b/apollo/database/proxy/host.py +@@ -126,15 +126,18 @@ class HostMysqlProxy(MysqlProxy): + Returns: + dict + """ ++ subquery = self.session.query( ++ CveHostAssociation.host_id, CveHostAssociation.cve_id, CveHostAssociation.fixed, CveHostAssociation.affected ++ ).filter(CveHostAssociation.host_id.in_(host_ids)).distinct().subquery() ++ + + host_cve_fixed_list = ( + self.session.query( +- CveHostAssociation.host_id, +- func.COUNT(func.IF(CveHostAssociation.fixed == True, 1, None)).label("fixed_cve_num"), +- func.COUNT(func.IF(CveHostAssociation.fixed == False, 1, None)).label("unfixed_cve_num"), ++ subquery.c.host_id, ++ func.COUNT(func.IF(subquery.c.fixed == True, 1, None)).label("fixed_cve_num"), ++ func.COUNT(func.IF(subquery.c.fixed == False, 1, None)).label("unfixed_cve_num"), + ) +- .filter(CveHostAssociation.host_id.in_(host_ids)) +- .group_by(CveHostAssociation.host_id) ++ .group_by(subquery.c.host_id) + .all() + ) + return host_cve_fixed_list +diff --git a/database/apollo.sql b/database/apollo.sql +index a3c4ddc..c756ad2 100644 +--- a/database/apollo.sql ++++ b/database/apollo.sql +@@ -179,11 +179,13 @@ BEGIN + SET @cve_list_page_count_sql = CONCAT(@cve_list_page_count_sql, 'AND cve.severity IN (', severity, ') '); + END IF; + +- IF order_by_filed IS NULL or order_by_filed ='' THEN +- SET @order_by_filed = 'cve_host_user_count.host_num'; +- END IF; ++-- IF order_by_filed IS NULL or order_by_filed ='' THEN ++-- SET @order_by_filed = 'cve_host_user_count.host_num'; ++-- END IF; ++-- MySql 5.7 version '@' index error ++ ++ SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', order_by_filed ,' ', order_by); + +- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by); + + IF end_limt!=0 THEN + SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', end_limt); +-- +2.33.0 + diff --git a/0004-fix-query-cve-list-error-and-sql-error.patch b/0004-fix-query-cve-list-error-and-sql-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..a7e9708948ec0a19234325c05678c12f91a0dc55 --- /dev/null +++ b/0004-fix-query-cve-list-error-and-sql-error.patch @@ -0,0 +1,120 @@ +From 95a541a7cd17486d60f0ef13a03756f6bbc799f0 Mon Sep 17 00:00:00 2001 +From: gongzt +Date: Mon, 23 Oct 2023 09:44:30 +0800 +Subject: Fixed many issues with cvelist queries (package fuzzy matching, page confusion, sorting is not supported) and rpm packet loss when generating repair tasks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + apollo/database/proxy/cve.py | 19 ++++++++----------- + apollo/database/proxy/task.py | 6 ++++-- + database/apollo.sql | 13 ++++--------- + 3 files changed, 16 insertions(+), 22 deletions(-) + +diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py +index afa4831..2b82cf6 100644 +--- a/apollo/database/proxy/cve.py ++++ b/apollo/database/proxy/cve.py +@@ -655,25 +655,22 @@ class CveProxy(CveMysqlProxy, CveEsProxy): + description_dict = self._get_cve_description([cve_info["cve_id"] for cve_info in cve_list]) + + result['result'] = self._add_description_to_cve(cve_list, description_dict) +- result['total_page'] = math.ceil(total / data.get("per_page", total)) +- result['total_count'] = total +- ++ if total: ++ result['total_page'] = math.ceil(total / data.get("per_page", total)) ++ result['total_count'] = total + return result + + @staticmethod + def _sort_and_page_cve_list(data) -> dict: +- sort_page = dict(start_limt=0, end_limt=0) ++ sort_page = dict(start_limt=0, limt_size=0) + page, per_page = data.get('page'), data.get('per_page') + if all((page, per_page)): + sort_page['start_limt'] = int(per_page) * (int(page) - 1) +- sort_page['end_limt'] = int(per_page) * int(page) ++ sort_page['limt_size'] = int(per_page) + + # sort by host num by default +- order_by_filed = data.get('sort', "cve_host_user_count.host_num") +- if order_by_filed == "host_num": +- order_by_filed = "cve_host_user_count.host_num" +- sort_page["order_by_filed"] = order_by_filed +- sort_page["order_by"] = "dsc" if data.get("direction") == "desc" else "asc" ++ sort_page["order_by_filed"] = data.get('sort', "host_num") ++ sort_page["order_by"] = "dsc" if data.get("direction") == "dsc" else "asc" + return sort_page + + def _query_cve_list(self, data): +@@ -695,7 +692,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy): + + # Call stored procedure: GET_CVE_LIST_PRO + pro_result_set = self.session.execute( +- "CALL GET_CVE_LIST_PRO(:username,:search_key,:severity,:fixed,:affected,:order_by_filed,:order_by,:start_limt,:end_limt)", ++ "CALL GET_CVE_LIST_PRO(:username,:search_key,:severity,:fixed,:affected,:order_by_filed,:order_by,:start_limt,:limt_size)", + filters, + ) + cursor = pro_result_set.cursor +diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py +index de151b2..b1d53c4 100644 +--- a/apollo/database/proxy/task.py ++++ b/apollo/database/proxy/task.py +@@ -2832,9 +2832,11 @@ class TaskProxy(TaskMysqlProxy, TaskEsProxy): + ) + cve_host_package_dict = dict() + for host_id in host_rpms["host_ids"]: +- filter_host_package = filter(lambda host_package: host_package.host_id == int(host_id), cve_host_packages) ++ filter_host_package = list( ++ filter(lambda host_package: host_package.host_id == int(host_id), cve_host_packages) ++ ) + if not host_rpm_dict: +- installed_rpm = self._filter_installed_rpm(list(filter_host_package)) ++ installed_rpm = self._filter_installed_rpm(filter_host_package) + cve_host_package_dict[host_id] = installed_rpm + continue + +diff --git a/database/apollo.sql b/database/apollo.sql +index c756ad2..a87f85c 100644 +--- a/database/apollo.sql ++++ b/database/apollo.sql +@@ -124,7 +124,7 @@ CREATE TABLE IF NOT EXISTS `task_rollback`( + PRIMARY KEY (`id`) USING BTREE + ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic; + +-CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(20), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(100),IN order_by VARCHAR(20),IN start_limt INT,IN end_limt INT) ++CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(200), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(100),IN order_by VARCHAR(20),IN start_limt INT,IN limt_size INT) + BEGIN + + DROP TABLE IF EXISTS cve_host_user_count; +@@ -135,9 +135,6 @@ BEGIN + cve_host_match FORCE INDEX (ix_cve_host_match_host_id) + WHERE 1=1 '; + +- IF search_key is not null and search_key !='' THEN +- SET @tmp_cve_host_count_sql = CONCAT(@tmp_cve_host_count_sql, ' AND LOCATE("', search_key, '", cve_id) > 0 '); +- END IF; + IF fixed is not null THEN + SET @tmp_cve_host_count_sql = CONCAT(@tmp_cve_host_count_sql, ' AND fixed = ', fixed, ' '); + END IF; +@@ -183,12 +180,10 @@ BEGIN + -- SET @order_by_filed = 'cve_host_user_count.host_num'; + -- END IF; + -- MySql 5.7 version '@' index error ++ SET @cve_list_sql = CONCAT('select s.* from ( ', @cve_list_sql,' ) as s ',' ORDER BY ', order_by_filed ,' ', order_by); + +- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', order_by_filed ,' ', order_by); +- +- +- IF end_limt!=0 THEN +- SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', end_limt); ++ IF limt_size!=0 THEN ++ SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', limt_size); + END IF; + + prepare stmt from @cve_list_sql; +-- +Gitee + diff --git a/0005-fix-the-severity-field-filtering-error.patch b/0005-fix-the-severity-field-filtering-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..0f55ce5217cbd997e8724625b316bc5c7da4d313 --- /dev/null +++ b/0005-fix-the-severity-field-filtering-error.patch @@ -0,0 +1,56 @@ +From 93b6f17d081227f619cc22fb5ba6918937c8dd2e Mon Sep 17 00:00:00 2001 +From: rabbitali +Date: Mon, 23 Oct 2023 11:16:47 +0800 +Subject: [PATCH 1/1] fix the severity field filtering error + +--- + apollo/conf/constant.py | 4 ++-- + apollo/database/proxy/cve.py | 2 +- + apollo/handler/cve_handler/manager/parse_unaffected.py | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py +index e2d91a6..878e86f 100644 +--- a/apollo/conf/constant.py ++++ b/apollo/conf/constant.py +@@ -74,11 +74,11 @@ class CveSeverity: + HIGH = "High" + MEDIUM = "Medium" + LOW = "Low" +- NONE = "None" ++ UNKNOWN = "Unknown" + + @staticmethod + def attribute(): +- return [CveSeverity.CRITICAL, CveSeverity.HIGH, CveSeverity.MEDIUM, CveSeverity.LOW, CveSeverity.NONE] ++ return [CveSeverity.CRITICAL, CveSeverity.HIGH, CveSeverity.MEDIUM, CveSeverity.LOW, CveSeverity.UNKNOWN] + + + class TaskType: +diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py +index 2b82cf6..f83784a 100644 +--- a/apollo/database/proxy/cve.py ++++ b/apollo/database/proxy/cve.py +@@ -670,7 +670,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy): + + # sort by host num by default + sort_page["order_by_filed"] = data.get('sort', "host_num") +- sort_page["order_by"] = "dsc" if data.get("direction") == "dsc" else "asc" ++ sort_page["order_by"] = data.get("direction", "asc") + return sort_page + + def _query_cve_list(self, data): +diff --git a/apollo/handler/cve_handler/manager/parse_unaffected.py b/apollo/handler/cve_handler/manager/parse_unaffected.py +index b680123..e9eed57 100644 +--- a/apollo/handler/cve_handler/manager/parse_unaffected.py ++++ b/apollo/handler/cve_handler/manager/parse_unaffected.py +@@ -137,5 +137,5 @@ def parse_cve_severity(cve_score: str) -> str: + elif cvss_score > CvssScore.NONE: + severity = CveSeverity.LOW + else: +- severity = CveSeverity.NONE ++ severity = CveSeverity.UNKNOWN + return severity +-- +2.33.0 + diff --git a/0006-fix-cve-list-by-host-count.patch b/0006-fix-cve-list-by-host-count.patch new file mode 100644 index 0000000000000000000000000000000000000000..52e37891f1d0e3f91c9b9ad3d6a42ea8fe02b6fc --- /dev/null +++ b/0006-fix-cve-list-by-host-count.patch @@ -0,0 +1,28 @@ +From c4e6df14e518206ee9f4de55b3ba45f9f6632d1b Mon Sep 17 00:00:00 2001 +From: gongzt +Date: Mon, 23 Oct 2023 15:39:44 +0800 +Subject: Fixed the problem that the number of hosts in the cve list repeated statistics +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + database/apollo.sql | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/database/apollo.sql b/database/apollo.sql +index a87f85c..b79707b 100644 +--- a/database/apollo.sql ++++ b/database/apollo.sql +@@ -130,7 +130,7 @@ BEGIN + DROP TABLE IF EXISTS cve_host_user_count; + SET @tmp_cve_host_count_sql = 'CREATE TEMPORARY TABLE cve_host_user_count SELECT + cve_id, +- COUNT(host_id) AS host_num ++ COUNT(DISTINCT host_id) AS host_num + FROM + cve_host_match FORCE INDEX (ix_cve_host_match_host_id) + WHERE 1=1 '; +-- +Gitee + diff --git a/0007-fix-data-correction-task-execution-error.patch b/0007-fix-data-correction-task-execution-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..f3e532e56f8a84064f9a9f1b62933085f2aaa344 --- /dev/null +++ b/0007-fix-data-correction-task-execution-error.patch @@ -0,0 +1,41 @@ +From fc2c7e76531306699e5c5dd0273dfe5fe521d2f8 Mon Sep 17 00:00:00 2001 +From: rabbitali +Date: Tue, 24 Oct 2023 20:39:44 +0800 +Subject: [PATCH 2/2] fix data correction task execution error + +--- + apollo/database/proxy/task.py | 2 +- + conf/apollo_crontab.yml | 5 ++--- + 2 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py +index b1d53c4..17cb274 100644 +--- a/apollo/database/proxy/task.py ++++ b/apollo/database/proxy/task.py +@@ -3214,7 +3214,7 @@ class TaskProxy(TaskMysqlProxy, TaskEsProxy): + task_id_list = task_cve_id_list + task_repo_id_list + + task_query = self.session.query(Task).filter(Task.task_id.in_(task_id_list)).all() +- running_task_list = [(task.task_id, task.task_type, task.create_time) for task in task_query] ++ running_task_list = [(task.task_id, task.create_time) for task in task_query] + return running_task_list, host_info_list + + def update_host_status(self, host_id_list: list): +diff --git a/conf/apollo_crontab.yml b/conf/apollo_crontab.yml +index 29c17b4..4a1f1e9 100644 +--- a/conf/apollo_crontab.yml ++++ b/conf/apollo_crontab.yml +@@ -44,6 +44,5 @@ + type: data_correct + enable: true + timed: +- day_of_week: 0-6 +- hour: 3 +- trigger: cron +\ No newline at end of file ++ minutes: 20 ++ trigger: interval +\ No newline at end of file +-- +2.33.0 + diff --git a/0008-update-apollo-database-proxy-host.py.patch b/0008-update-apollo-database-proxy-host.py.patch new file mode 100644 index 0000000000000000000000000000000000000000..0ec1d970f75cbc6ea75d21a3d2f5d3e65e33027a --- /dev/null +++ b/0008-update-apollo-database-proxy-host.py.patch @@ -0,0 +1,27 @@ +From a07a830d931dbcd60deb3c753414defe3e036a20 Mon Sep 17 00:00:00 2001 +From: xuyongliang_01 +Date: Mon, 23 Oct 2023 06:35:14 +0000 +Subject: [PATCH 1/2] update apollo/database/proxy/host.py. + +Signed-off-by: xuyongliang_01 +--- + apollo/database/proxy/host.py | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py +index 2ce2005..282193b 100644 +--- a/apollo/database/proxy/host.py ++++ b/apollo/database/proxy/host.py +@@ -15,9 +15,6 @@ Time: + Author: + Description: Host table operation + """ +-import math +-from collections import defaultdict +-from typing import List, Tuple + + from sqlalchemy import and_, case, func, or_ + from sqlalchemy.exc import SQLAlchemyError +-- +2.33.0 + diff --git a/0009-fix-filename-bug-in-gen_updateinfo.py.patch b/0009-fix-filename-bug-in-gen_updateinfo.py.patch new file mode 100644 index 0000000000000000000000000000000000000000..e53cf632442d9fbdc4d3b39dfeec35deadba6db9 --- /dev/null +++ b/0009-fix-filename-bug-in-gen_updateinfo.py.patch @@ -0,0 +1,26 @@ +From 175d79fa735de0ac315c1c9b3893ff850a478b38 Mon Sep 17 00:00:00 2001 +From: wang-guangge +Date: Tue, 14 Nov 2023 15:03:21 +0800 +Subject: [PATCH] fix filename bug in gen_updateinfo.py + +--- + aops-apollo-tool/aops_apollo_tool/gen_updateinfo.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/aops-apollo-tool/aops_apollo_tool/gen_updateinfo.py b/aops-apollo-tool/aops_apollo_tool/gen_updateinfo.py +index 26d0704..5785c7c 100644 +--- a/aops-apollo-tool/aops_apollo_tool/gen_updateinfo.py ++++ b/aops-apollo-tool/aops_apollo_tool/gen_updateinfo.py +@@ -144,8 +144,8 @@ def generate_package_list(package_dir: str) -> Element: + + filename.text = "%s-%s-%s.%s.rpm" % ( + package.attrib['name'], +- package.attrib['release'], + package.attrib['version'], ++ package.attrib['release'], + package.attrib['arch'], + ) + +-- +2.27.0 + diff --git a/aops-apollo-v1.3.2.tar.gz b/aops-apollo-v1.3.4.tar.gz similarity index 40% rename from aops-apollo-v1.3.2.tar.gz rename to aops-apollo-v1.3.4.tar.gz index b620e7ce09d3fbd2c1f140165e539d3b0aa5e487..534e301e3820f279c8e3dd3a96828aa1de0f62d8 100644 Binary files a/aops-apollo-v1.3.2.tar.gz and b/aops-apollo-v1.3.4.tar.gz differ diff --git a/aops-apollo.spec b/aops-apollo.spec index 6c75332d29c614997da1d8b3bd8918d28005bf46..234daca153d2a951e360268ab726e7b334e7fa1c 100644 --- a/aops-apollo.spec +++ b/aops-apollo.spec @@ -1,32 +1,32 @@ Name: aops-apollo -Version: v1.3.2 -Release: 3 +Version: v1.3.4 +Release: 10 Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. License: MulanPSL2 URL: https://gitee.com/openeuler/%{name} Source0: %{name}-%{version}.tar.gz - +Patch0001: 0001-fix-param-error-and-compatible-with-mysql5.patch +Patch0002: 0002-fix-query-all-by-cve-list.patch +Patch0003: 0003-fix-cve-list-get-api-query-error.patch +Patch0004: 0004-fix-query-cve-list-error-and-sql-error.patch +Patch0005: 0005-fix-the-severity-field-filtering-error.patch +Patch0006: 0006-fix-cve-list-by-host-count.patch +Patch0007: 0007-fix-data-correction-task-execution-error.patch +Patch0008: 0008-update-apollo-database-proxy-host.py.patch +Patch0009: 0009-fix-filename-bug-in-gen_updateinfo.py.patch BuildRequires: python3-setuptools -Requires: aops-vulcanus >= v1.2.0 -Requires: python3-elasticsearch python3-flask-restful python3-marshmallow >= 3.13.0 +Requires: aops-vulcanus >= v1.3.0 +Requires: python3-elasticsearch >= 7 python3-flask-restful python3-marshmallow >= 3.13.0 Requires: python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11.0 -Requires: python3-PyYAML python3-flask python3-gevent +Requires: python3-PyYAML python3-flask python3-gevent python3-uWSGI Requires: python3-retrying python3-lxml Provides: aops-apollo -Patch0001: 0001-fix-updateinfo_parse.py-bug.patch -Patch0002: 0002-add-repair-status-of-the-cve-fixed-package.patch %description Cve management service, monitor machine vulnerabilities and provide fix functions. -%package -n dnf-hotpatch-plugin -Summary: dnf hotpatch plugin -Requires: python3-hawkey python3-dnf syscare >= 1.0.1 - -%description -n dnf-hotpatch-plugin -dnf hotpatch plugin, it's about hotpatch query and fix %package -n aops-apollo-tool Summary: Small tools for aops-apollo, e.g. updateinfo.xml generater @@ -57,9 +57,6 @@ pushd aops-apollo-tool %py3_install popd -#install for aops-dnf-plugin -cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/ - %files %doc README.* @@ -71,8 +68,6 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/ %{python3_sitelib}/apollo/* %attr(0755, root, root) /opt/aops/database/* -%files -n dnf-hotpatch-plugin -%{python3_sitelib}/dnf-plugins/* %files -n aops-apollo-tool %attr(0644,root,root) %{_sysconfdir}/aops_apollo_tool/updateinfo_config.ini @@ -81,6 +76,52 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/ %{python3_sitelib}/aops_apollo_tool/* %changelog +* Tue Nov 14 2023 wangguangge - v1.3.4-10 +- fix filename bug in aops-apollo-tool + +* Mon Nov 13 2023 wenxin - v1.3.4-9 +- Update the installation dependencies + +* Tue Oct 24 2023 wenxin - v1.3.4-8 +- fix data correction task execution error + +* Mon Oct 23 2023 gongzhengtang - v1.3.4-7 +- fixed the problem that the number of hosts in the cve list repeated statistics + +* Mon Oct 23 2023 wenxin - v1.3.4-6 +- fix the severity field filtering error + +* Mon Oct 23 2023 gongzhengtang - v1.3.4-5 +- fixed many issues with cvelist queries (package fuzzy matching, page confusion, sorting is not supported) and rpm packet loss when generating repair tasks + +* Fri Oct 20 2023 wenxin - v1.3.4-4 +- fix cve_list_get api query error + +* Fri Oct 20 2023 gongzhengtang - v1.3.4-3 +- fix query all by cve list api + +* Fri Oct 20 2023 gongzhengtang - v1.3.4-2 +- fix param error and compatible with mysql 5.7 + +* Thu Oct 19 2023 gongzhengtang - v1.3.4-1 +- Remove hotpatch + +* Wed Oct 18 2023 gongzhengtang - v1.3.3-2 +- optimize cve query performance +- fixed errors in 20.03-sp3, such as task progress, cve repair task, and host cve query + +* Thu Sep 21 2023 zhuyuncheng - v1.3.3-1 +- update typing and requires version + +* Thu Sep 21 2023 wangguangge - v1.3.2-6 +- fix the hot_updateinfo.py bug + +* Wed Sep 20 2023 gongzhengtang - v1.3.2-5 +- add fixed and hp_status filter + +* Wed Sep 20 2023 wangguangge - v1.3.2-4 +- fix the hotupgrade.py bug + * Tue Sep 19 2023 gongzhengtang - v1.3.2-3 - added the repair status of the cve fixed package